Does Simple Subscriber Signup Widget have any unpatched vulnerabilities?

No. All known vulnerabilities in Simple Subscriber Signup Widget have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Simple Subscriber Signup Widget compatible with WordPress 3.7.41?

According to WordPress.org data, Simple Subscriber Signup Widget 1.0.1 has been tested up to WordPress 3.7.41. Check the plugin's changelog for the latest compatibility information.

How often is Simple Subscriber Signup Widget updated?

Simple Subscriber Signup Widget was last updated on Apr 17, 2014. Frequent updates are generally a positive security signal.

What is Simple Subscriber Signup Widget's security score?

Simple Subscriber Signup Widget has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Simple Subscriber Signup Widget Security & Risk Analysis

wordpress.org/plugins/simple-subscriber-signup-widget

A simple plugin to allow visitors to submit their email and name and be added to the subscribers list

80 active installs v1.0.1 PHP + WP 3.0.1+ Updated Apr 17, 2014

registerregistrationsignupsubscribewidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Simple Subscriber Signup Widget Safe to Use in 2026?

Generally Safe

Score 85/100

Simple Subscriber Signup Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The "simple-subscriber-signup-widget" plugin v1.0.1 exhibits a concerning security posture due to a significant attack surface with no authentication checks on its AJAX endpoints. While the code generally avoids dangerous functions and uses prepared statements for SQL, the lack of input validation and sanitization on these unprotected entry points is a major weakness. The taint analysis revealing flows with unsanitized paths, although not classified as critical or high severity in this specific analysis, points to potential avenues for exploitation if the data were to be used in a sensitive context.

The plugin's vulnerability history is notably clean, with no recorded CVEs. This absence of past vulnerabilities is a positive signal, suggesting a potential for well-written or less targeted code. However, this should not overshadow the immediate risks presented by the unprotected AJAX handlers. The current version has strengths in its SQL handling and lack of dangerous functions, but the unauthenticated AJAX entry points present a clear and present danger that requires immediate attention to mitigate potential cross-site scripting (XSS) or other injection attacks.

Key Concerns

AJAX handlers without auth checks (2)
Flows with unsanitized paths (2)
Low output escaping percentage (17%)
Missing nonce checks on AJAX
Missing capability checks

Vulnerabilities

None known

Simple Subscriber Signup Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Simple Subscriber Signup Widget Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

17% escaped12 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

do_ajax_simsignup (simple-signup-widget.php:26)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Simple Subscriber Signup Widget Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_do_ajax_simsignupsimple-signup-widget.php:19

noprivwp_ajax_do_ajax_simsignupsimple-signup-widget.php:20

WordPress Hooks 2

actionwp_enqueue_scriptssimple-signup-widget.php:12

actionwidgets_initsimple-signup-widget.php:89

Maintenance & Trust

Simple Subscriber Signup Widget Maintenance & Trust

Maintenance Signals

WordPress version tested3.7.41

Last updatedApr 17, 2014

PHP min version

Downloads5K

Community Trust

Rating80/100

Number of ratings2

Active installs80

Alternatives

Simple Subscriber Signup Widget Alternatives

WP Register Profile With Shortcode

wp-register-profile-with-shortcode

This is a simple registration form in the widget. just install the plugin and add the register widget in the sidebar. Thats it. :)

400 1 unpatched

Navayan Subscribe

navayan-subscribe

Allows visitors to easily and quickly subscribe to your website with double optin, email templates, notifications, block spam.

100 1 unpatched

Network Subsite User Registration

network-subsite-user-registration

100

Allow the public to register user accounts on Subsites within a Network (MultiSite) installation.

50 No CVEs

Login & Register Customizer – Popup | Slider | Inline | WooCommerce

easy-login-woocommerce

Replace your old login/registration form with an interactive popup & inline form design

40K 6 CVEs

Allow Multiple Accounts

allow-multiple-accounts

Allow multiple user accounts to be created, registered, and updated having the same email address.

10K No CVEs

Developer Profile

Simple Subscriber Signup Widget Developer Profile

miocene22

1 plugin · 80 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Simple Subscriber Signup Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/simple-subscriber-signup-widget/ajax.js

Script Paths